PostgreSQL is now a CVE Numbering Authority (CNA)

Posted on 2024-01-18 by PostgreSQL Global Development Group
PostgreSQL Project Security

The PostgreSQL Security team is pleased to announce that PostgreSQL is now a CVE Numbering Authority (CNA). A CNA has responsibilities for assigning CVE IDs and participating in responsible disclosure with projects within its scope. You can find out more information about the role of PostgreSQL as a CNA on the PostgreSQL security page:

https://www.postgresql.org/support/security/

The process for reporting a security vulnerability in PostgreSQL has not changed. If you believe you have discovered a security vulnerability in PostgreSQL, please send an email to security@postgresql.org. For more information on what is considered a vulnerability and the reporting process, please review the PostgreSQL security page:

https://www.postgresql.org/support/security/

You can find the original announcement on PostgreSQL being added as a CNA on the CVE page:

https://www.cve.org/Media/News/item/news/2024/01/16/PostgreSQL-Added-as-CNA